Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

bd5b03d52a...18.exe

windows7-x64

7

bd5b03d52a...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/06/2024, 16:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bd5b03d52a3ad147dffb2d47116c81a6_JaffaCakes118.exe

  • Size

    16.3MB

  • MD5

    bd5b03d52a3ad147dffb2d47116c81a6

  • SHA1

    25787746916d23d77a212d86e6ef51c415f98781

  • SHA256

    9d2a6e4b5fcff9e5dd4a064b414c402d2173bac5a5c593bf50a807988332e632

  • SHA512

    60b7eae5c9c4d31ad93c229777376f3360d564719b5d7456063c103f820480e1e35c6fa9b9d9657f5cc5d0071853b95e051d5135e268e1dbee7b516a180e2992

  • SSDEEP

    393216:WtHPtYj5dab4Mj0lXyjo6QJByc2yJNo6UEaS8U7f:WtFc5YPQlij5Qac2yQ6UEHF7f

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd5b03d52a3ad147dffb2d47116c81a6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\bd5b03d52a3ad147dffb2d47116c81a6_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2776
    • C:\Users\Admin\AppData\Local\Temp\is-0PKBN.tmp\bd5b03d52a3ad147dffb2d47116c81a6_JaffaCakes118.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-0PKBN.tmp\bd5b03d52a3ad147dffb2d47116c81a6_JaffaCakes118.tmp" /SL5="$D0172,16368538,730112,C:\Users\Admin\AppData\Local\Temp\bd5b03d52a3ad147dffb2d47116c81a6_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      PID:468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-0PKBN.tmp\bd5b03d52a3ad147dffb2d47116c81a6_JaffaCakes118.tmp
    Filesize

    2.4MB

    MD5

    60526ec56d4a08401f4c9d9bfd8fde06

    SHA1

    3f5a331ef2123b8934434df050e1a21d1955f3fe

    SHA256

    d37d4b87fe5558432be9a843c7fffa5811fd338e4b08c363f3983792e9e5911f

    SHA512

    0618f0f2c88a341a1d2837a18ed4ea2532ab18917aaf8874e6208caf3abd4a2c3e4114c163a5ba8dd5e343bcb82a158c3e7064e6315bb8dab0a0b725ea1bf025

    Download Submit

  • memory/468-7-0x0000000000400000-0x000000000067B000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/468-9-0x0000000000400000-0x000000000067B000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2776-0-0x0000000000400000-0x00000000004C0000-memory.dmp

    Filesize

    768KB

    Download

  • memory/2776-2-0x0000000000401000-0x00000000004A9000-memory.dmp

    Filesize

    672KB

    Download

  • memory/2776-8-0x0000000000400000-0x00000000004C0000-memory.dmp

    Filesize

    768KB

    Download